When remote endpoints request resources or applications that are
published by Forefront Unified Access Gateway (UAG), Forefront UAG
can verify the health of the endpoints against specific policies.
These include:

Inbuilt policies─Inbuild Forefront UAG policies allow
you to control endpoint access based on a wide range of compliance
requirements, including the endpoint operating system or browser,
and the endpoint location. Using these policies, you can control
access to applications, application uploads and downloads, and
restrictive application areas.

No infrastructure modifications are required to deploy inbuilt
policies. To use NAP policies, you must set up an NPS in your
network infrastructure. For more information, see Configuring NAP access
policies.